The top threats in emerging technology areas include “drive-by exploits,” which is the injection of malicious code to exploit Web browser vulnerabilities, said the European Union's cyber security agency in a report issued Tuesday.
The European Network and Information Security Agency's ENISA Threat Landscape report summarizes 120 reports from 2011 and 2012 that were collected by the agency.
Other top threats described in the report include:
• Worms and Trojans, which are malicious programs that can replicate and redistribute themselves by exploiting their target system's vulnerabilities.
• Code injection attacks, where adversaries try to extract data, steal credentials, take control of the targeted Web server, or promote their malicious activities by exploiting Web applications' vulnerabilities.
• Exploit kits, which involve the use of software packages that automate cyber crime.
• Botnets, or remotely controlled hijacked computers, where compromised computers are under the attacker's control.
• Distributed denial of service attacks.
• Phishing, or the use of fraudulent emails and websites.
• Data breaches involving compromising of confidential information.
• Rogueware and scareware, which involve the use of fake software cyber criminals distribute to lure users.
• Spam.
The report also discusses recommendations for addressing these issues, which include collecting and developing better evidence about attack vectors, the impact achieved by adversaries and more qualitative information about threat agents.
Copies of the report are available here.
(Reuters) — In a decision that could make it easier for businesses to police cyber theft in the workplace, a U.S. appeals court revived a chemical company's lawsuit accusing a former Toronto-area employee of using her home computer to steal trade secrets from its Connecticut server.